The present invention relates to a personal authentication method for an operator of a computer system, and more particularly to a computer system which performs authentication by checking that a password entered from an input unit such as a keyboard matches a previously registered password.
To authenticate whether a user has the right to operate a computer system, a widely used scheme has the user enter a password from the keyboard or the like and performs authentication by checking that the entered password matches a previously registered password. This authentication has heretofore been used as a measure for detecting illegal use of a computer system. For example, as described in ON-LINE MANUAL, Login (1) of HP-UX 90, when incorrect passwords are entered a prescribed number of times in succession, such as three times, or when authentication is not completed within a prescribed time, such as one minute, the connection between the terminal and the computer system is cut off and the event is recorded. As described in Paragraph 2.2 Security Function "User Account Security" of Windows NT 3.5 Security/Superintendence Guide (written by Microsoft Corporation, editorially translated by ASCII Network Technology, translated by ASCII Techwrite and published by ASCII, ISBN4-1017-7), when an incorrect password is entered a prescribed number of times or more in succession, the occurrences are recorded and reported to a supervisor or manager.
Further, information about the terminal operated by a user is recorded, but that information is not used to detect illegal access. In TCP wrapper, free software available on the Internet from ftp://ftp.aistnara.ac.jp/pub/Secruity/tools/tcp_wrappers, for example, use by specific terminals, or by any terminal other than specific terminals, is judged to be illegal.
Furthermore, Japanese Patent Application laid-open No. JP-A-6-6347 discloses a method of centrally monitoring security on a network.
Moreover, Japanese Patent Application laid-open No. JP-A-7-264178 discloses a system which identifies the place on a LAN where an illegal access occurred by means of information obtained from a relay apparatus.
The above-described conventional methods have the following problems.
In a system that records a failure whenever a user fails to log in even once, a failure is recorded even when a legitimate user enters a wrong password. It is difficult for a manager to judge whether the failure was caused by illegal use or merely by an input mistake.
In the method in which the connection is cut off when a user enters wrong passwords a prescribed number of times (for example, three times) in succession, an illegal user may enter wrong passwords fewer times than the prescribed number (for example, two times) in succession. Likewise, in the method in which the connection is cut off when authentication is not completed within a prescribed time, an illegal user may cut off the connection himself within a time shorter than the prescribed time (for example, one minute). In either case, such a possible act of illegal use cannot be recorded, and naturally it is impossible to judge whether an intrusion was actually made by illegal action.
Further, in a system that records each failed password authentication in a log, when wrong passwords are entered in succession more than a prescribed number of times, a large volume of authentication-failure data is output and other important messages are buried.
Furthermore, since the above prior art provides no time interval over which failures are counted, intrusion events, which generally tend to be concentrated in a specific time period, cannot be captured.
When accesses are made from a plurality of places using an account given to one person, such events are considered to be illegal use, but no means is provided for detecting them effectively.
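The gaps described above can be shown on a small event log. The following Python sketch is an added example, not part of the patent text: it replays constructed login events through a per-connection counter of the prior-art kind, then through a per-account failure count over a time window and a check for one account used from several terminals. The 600-second window, the thresholds, and all account and terminal names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (time_s, connection_id, account, source, success)
# Window and threshold defaults below are illustrative assumptions.
EVENTS = [
    (0,    "c1", "alice", "term-a", False),
    (5,    "c1", "alice", "term-a", False),  # disconnects after 2 tries
    (60,   "c2", "alice", "term-b", False),
    (66,   "c2", "alice", "term-b", False),  # again stays below the limit
    (120,  "c3", "alice", "term-c", False),
    (126,  "c3", "alice", "term-c", True),
    (9000, "c4", "bob",   "term-d", False),  # legitimate typo, then success
    (9010, "c4", "bob",   "term-d", True),
]

def per_connection_lockouts(events, limit=3):
    """Prior-art model: record only when one connection hits `limit` failures in a row."""
    streak, recorded = defaultdict(int), []
    for _, conn, _, _, ok in events:
        streak[conn] = 0 if ok else streak[conn] + 1
        if streak[conn] == limit:
            recorded.append(conn)
    return recorded

def windowed_failures(events, window=600, threshold=4):
    """Count failures per account, across connections, inside a sliding time window."""
    recent, flagged = defaultdict(deque), set()
    for t, _, acct, _, ok in sorted(events):
        if ok:
            continue
        q = recent[acct]
        q.append(t)
        while q and t - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(acct)
    return flagged

def multi_source_accounts(events, window=600, min_sources=2):
    """Flag accounts accessed from several distinct sources inside one time window."""
    seen, flagged = defaultdict(deque), set()
    for t, _, acct, src, _ in sorted(events):
        q = seen[acct]
        q.append((t, src))
        while q and t - q[0][0] > window:
            q.popleft()
        if len({s for _, s in q}) >= min_sources:
            flagged.add(acct)
    return flagged
```

On this log the per-connection counter records nothing, while the windowed count and the multi-source check both flag only "alice"; the single mistyped password on "bob" stays below the threshold.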